
Fake Google Play App Uses Infected Phone to Launch DDoS

Source: Doctor Web

This malware installs as Google Play and even lets infected users browse Google's storefront while secretly sending and receiving commands from malware authors.

Russian anti-virus vendor Doctor Web (Dr. Web) is warning Android device users about a recently discovered app that can turn a smartphone into a platform for launching DDoS attacks without the owner's knowledge.

Although the security firm didn't reveal the actual listed name of the malicious app, it's called "Android.DDoS.1.origin" in the report, and is based out of Russia. Once the app in question is downloaded and installed on an Android smartphone, it's disguised as the Google Play icon. It even connects the user to Google's virtual storefront when launched.

But as Android users browse the virtual aisles of Google Play, the app secretly connects to its command and control server and uploads the infected device's phone number to the malware authors. These hackers in turn issue commands to the fake Google Play app using text messages.

"Supported directives include attack a specified server and send SMS. If criminals want the Trojan to attack a server, a command message will contain the parameter [server:port]," the firm reports.

If the app receives a command to attack a server, it will then begin flooding a specific address with data packets. If the malicious app is required to send SMS messages instead, the command message will contain both the message text and the number of a specific destination.

"Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services," the firm said. "Should the device send messages to premium numbers, malicious activities will cost the user even more."

Dr. Web is still trying to determine how this malware is being spread, but there's no indication that it's residing on Google Play as suggested by other reports. It's likely offered on 3rd-party Android markets meant for devices that don't provide Google-based services like Google Play and Gmail. The firm said criminals are likely employing "social engineering tricks" in addition to disguising the malware as a legitimate application from Google.

"It is worth noting that the code of Android.DDoS.1.origin is heavily obfuscated," the security firm said. "Given that the Trojan can carry out attacks on web sites and send various text messages to any number, including those of content providers, we can assume that the malware can also be used to conduct illegal activities for third parties (e.g., attack a competitor's site, promote products with SMS or subscribe users to chargeable services by sending SMS to short numbers)."

This new Android malware is still under investigation, so stay tuned.
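
The traits reported above (a Google Play look-alike that also needs network and SMS access) can be turned into a simple triage rule for an installed-app inventory. The following is an added example, not code from Doctor Web or from this article; the record fields (`package`, `label`, `system`, `permissions`) and the `com.example.*` entries are assumptions and constructed sample data.

```python
import unicodedata

GENUINE_PLAY_PACKAGE = "com.android.vending"  # package name of the real Play Store
PLAY_LABELS = {"google play", "google play store", "play store"}
SMS_PERMS = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"}
INTERNET = "android.permission.INTERNET"

def normalize_label(label):
    # NFKC folds full-width and other compatibility characters; casefold and
    # whitespace collapsing remove case and spacing tricks in the display name.
    text = unicodedata.normalize("NFKC", label).casefold()
    return " ".join(text.split())

def triage(app):
    """Return 'high', 'review' or None for one inventory record."""
    if normalize_label(app["label"]) not in PLAY_LABELS:
        return None                      # does not present itself as Google Play
    if app["package"] == GENUINE_PLAY_PACKAGE:
        # Assumption: the genuine store ships on the system image, so a
        # sideloaded copy under that name deserves a signature check.
        return None if app["system"] else "review"
    perms = set(app["permissions"])
    if INTERNET in perms and perms & SMS_PERMS:
        return "high"                    # store look-alike with network + SMS access
    return "review"                      # look-alike, but without the SMS channel

def flagged(inventory):
    """List (package, verdict) for every record that needs attention."""
    verdicts = ((app["package"], triage(app)) for app in inventory)
    return [(pkg, verdict) for pkg, verdict in verdicts if verdict]

# Constructed sample inventory; the com.example.* names are placeholders.
SAMPLE_INVENTORY = [
    {"package": "com.android.vending", "label": "Google Play Store",
     "system": True, "permissions": [INTERNET]},
    {"package": "com.example.updater", "label": "Google  Play", "system": False,
     "permissions": [INTERNET, "android.permission.SEND_SMS",
                     "android.permission.RECEIVE_SMS"]},
    {"package": "com.example.sms", "label": "Messages", "system": False,
     "permissions": [INTERNET, "android.permission.SEND_SMS"]},
    # Label written with full-width letters: renders like "Play Store".
    {"package": "com.example.skin", "label": "\uff30\uff4c\uff41\uff59 Store",
     "system": False, "permissions": [INTERNET]},
]

if __name__ == "__main__":
    for pkg, verdict in flagged(SAMPLE_INVENTORY):
        print(f"{verdict:6} {pkg}")
```

An ordinary messaging app with SMS and network permissions is not flagged; the rule only fires when the display name imitates the store.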

This thread is closed for comments
  • 2 Hide
    LORD_ORION , January 2, 2013 3:09 AM
    They probably invented it.
  • 0 Hide
    wildkitten , January 2, 2013 3:16 AM
    LORD_ORION wrote: They probably invented it.

    You're likely right.

    One of the ways these malware apps get spread isn't necessarily on 3rd party app stores, but on Android forums. Just a couple of days ago on the Phandroid forums for my phone model, someone was requesting the APK of the Google Play app. Had the person responding been someone who wanted to spread this malware, the person wanting it would have got the infected version, all the while assuming they were getting a good link from a respected Android community.
  • 0 Hide
    reprotected , January 2, 2013 5:56 AM
    As you can see, this is clearly an anti-Google pro-Apple article. The virus was probably made by Dr. Web, sponsored by Apple who also paid this pro-Apple editor to write this article and post it on pro-Apple website Tom's Hardware. WE'RE NOT FALLING FOR YOUR TRICKS!!!!!!
  • 5 Hide
    wildkitten , January 2, 2013 6:16 AM
    reprotected wrote: As you can see, this is clearly an anti-Google pro-Apple article. The virus was probably made by Dr. Web, sponsored by Apple who also paid this pro-Apple editor to write this article and post it on pro-Apple website Tom's Hardware. WE'RE NOT FALLING FOR YOUR TRICKS!!!!!!

    I see the iHaters have become extremely paranoid, and this isn't even a Zak Islam article.

    Hate to break this to you, but Linux, and OS's like Android based on Linux, are vulnerable to malware. They are the perfectly safe little gardens that the blind fans have always claimed.
  • 3 Hide
    wildkitten , January 2, 2013 6:17 AM
    Correction for typo: Meant to say aren't perfectly safe.
  • 5 Hide
    acerace , January 2, 2013 7:46 AM
    reprotected wrote: As you can see, this is clearly an anti-Google pro-Apple article. The virus was probably made by Dr. Web, sponsored by Apple who also paid this pro-Apple editor to write this article and post it on pro-Apple website Tom's Hardware. WE'RE NOT FALLING FOR YOUR TRICKS!!!!!!


    The most stupid thing today.
  • 0 Hide
    JackFrost860 , January 2, 2013 8:38 AM
    It would have been more useful if Tom explained how to tell if your Android is infected
  • -2 Hide
    JackFrost860 , January 2, 2013 8:40 AM
    Why did I buy a phone with an O/S called Android? Of course it was a robot ;)
  • 0 Hide
    Supercrit , January 2, 2013 9:10 AM
    reprotected wrote: As you can see, this is clearly an anti-Google pro-Apple article. The virus was probably made by Dr. Web, sponsored by Apple who also paid this pro-Apple editor to write this article and post it on pro-Apple website Tom's Hardware. WE'RE NOT FALLING FOR YOUR TRICKS!!!!!!

    I thought Apple fanboys were scary, unless this is a trolling attempt or sarcasm.
  • 1 Hide
    house70 , January 2, 2013 10:43 AM
    reprotected wrote: As you can see, this is clearly an anti-Google pro-Apple article. The virus was probably made by Dr. Web, sponsored by Apple who also paid this pro-Apple editor to write this article and post it on pro-Apple website Tom's Hardware. WE'RE NOT FALLING FOR YOUR TRICKS!!!!!!

    The sarcasm is strong with this one...
  • -2 Hide
    Anonymous , January 2, 2013 11:31 AM
    I've summarized the facts for all of you in the article:

    1. You would have to use some shady 3rd party Russian app store and intentionally install this "virus"
    2. It has nothing to do with Google Play other than borrowing the icon from it
    3. It's possible to write such a "virus" for any platform
    4. This may not even be real, rather just a marketing ploy to sell you antivirus for your phone

    A far cry from the traditional Windows virus that can infect your PC just from the act of visiting a website without even installing anything, or having the PC plugged into the internet.
  • 0 Hide
    wildkitten , January 2, 2013 6:36 PM
    fakkchekk wrote: I've summarized the facts for all of you in the article:
    1. You would have to use some shady 3rd party Russian app store and intentionally install this "virus"
    2. It has nothing to do with Google Play other than borrowing the icon from it
    3. It's possible to write such a "virus" for any platform
    4. This may not even be real, rather just a marketing ploy to sell you antivirus for your phone
    A far cry from the traditional Windows virus that can infect your PC just from the act of visiting a website without even installing anything, or having the PC plugged into the internet.

    1. Not true. People on Android forums are always giving links to each other for APK's to be downloaded from, not necessarily app store web sites. On the Phandroid forums the other day someone asked for the Google Play APK. Had someone wanted to distribute this malware, all they have to do is send a link to download it from and voila, they have the malware. And people trust each other far too much on these forums because they think of themselves as a tight-knit community.

    2. Very true, but that doesn't take away from the risk and possible damages.

    3. Also true, but the blind fan kiddies of Linux and its OS variants such as Android still scream Linux is perfectly secure.

    4. This too is a distinct possibility, or perhaps the malware is real and they made it. However, looking up Dr Web they do seem to be a legitimate antivirus company that even made the discovery of the Flashback malware on the Mac, so I would say this is likely a real threat they didn't make, but are using it to help market their own product, which isn't a bad thing as all antivirus and malware protection software makers use any sort of malware as a way of saying "Hey, we can protect you against this".
  • -2 Hide
    Tomtompiper , January 2, 2013 7:13 PM
    wildkitten wrote: I see the iHaters have become extremely paranoid, and this isn't even a Zak Islam article. Hate to break this to you, but Linux, and OS's like Android based on Linux, are vulnerable to malware. They are the perfectly safe little gardens that the blind fans have always claimed.



    Can you name me one single virus that has infected a Linux personal computer in the real world?
  • 1 Hide
    wildkitten , January 2, 2013 11:55 PM
    Tomtompiper wrote: Can you name me one single virus that has infected a Linux personal computer in the real world?

    Virus.Linux.Diesel.962
    Virus.Linux.Kagob.a
    Linux.Backdoor.Rexob trojan

    Oh, sorry, that was more than one.

    Yes, there are fewer Linux viruses than viruses for Windows. Guess why that is? THERE ARE FAR FAR FEWER LINUX USERS. It's not because Linux is this magical secure OS that can never get any form of malware. It's because malware authors target OS's where they will get noticed and/or can steal information. You can not get noticed or steal information where there are no people. However, just like Mac's got viruses when that system became more popular, if Linux use increases, you will see Linux malware springing forth, just as you see Android malware growing exponentially when Android fan kiddies said that you couldn't get malware on the Linux variant known as Android.
  • 0 Hide
    Kami3k , January 3, 2013 1:55 AM
    Tomtompiper wrote: Can you name me one single virus that has infected a Linux personal computer in the real world?


    Hmmm create malware for an OS that is used on next to zero PCs or make malware for an OS used on nearly every single PC ever made in the past 15 years?
  • 0 Hide
    Tomtompiper , January 3, 2013 7:14 PM
    wildkitten wrote:
    Virus.Linux.Diesel.962
    Virus.Linux.Kagob.a
    Linux.Backdoor.Rexob trojan
    Oh, sorry, that was more than one.
    Yes, there are fewer Linux viruses than viruses for Windows. Guess why that is? THERE ARE FAR FAR FEWER LINUX USERS. It's not because Linux is this magical secure OS that can never get any form of malware. It's because malware authors target OS's where they will get noticed and/or can steal information. You can not get noticed or steal information where there are no people. However, just like Mac's got viruses when that system became more popular, if Linux use increases, you will see Linux malware springing forth, just as you see Android malware growing exponentially when Android fan kiddies said that you couldn't get malware on the Linux variant known as Android.



    I asked for real infections, not potential threats. I can find not one single verifiable instance of any of those listed infecting a computer. If you have said information, can you link it? As for Android, again lots of scare stories, but only stupid people stealing software via illegal sites will get infected, and slap it up them, they deserve what they get.